On Tue, Jun 09, 2015 at 02:26:20PM -0400, Forrest wrote:
> >So that log entry might be for the submission port, unless you've
> >configured it along the lines above.
>
> I believe this is already set in my master.cf, which is:
>
> smtp inet n - n - - smtpd
> submission inet n - n - - smtpd
> -o syslog_name=postfix/submission
> -o smtpd_tls_security_level=may
In that case, consider disabling SASL auth by default (main.cf),
and enabling it only for the submission service. That should
eliminate all the port 25 SASL attacks.
--
Viktor.
